From b85fad797c983ebc840534a64e3f6f29ca659297 Mon Sep 17 00:00:00 2001
From: Zeyad Yasser <zeyady98@gmail.com>
Date: Sat, 12 Jun 2021 20:45:03 +0200
Subject: [PATCH] cr-service: add network_lock option to RPC and libcriu

v2: run make indent

Signed-off-by: Zeyad Yasser <zeyady98@gmail.com>
---
 criu/cr-service.c | 13 +++++++++++++
 images/rpc.proto  |  6 ++++++
 lib/c/criu.c      | 15 +++++++++++++++
 lib/c/criu.h      |  7 +++++++
 4 files changed, 41 insertions(+)

diff --git a/criu/cr-service.c b/criu/cr-service.c
index 38a8ea365..0f8bc4cc1 100644
--- a/criu/cr-service.c
+++ b/criu/cr-service.c
@@ -502,6 +502,19 @@ static int setup_opts_from_req(int sk, CriuOpts *req)
 		}
 	}
 
+	if (req->has_network_lock) {
+		switch (req->network_lock) {
+		case CRIU_NETWORK_LOCK_METHOD__IPTABLES:
+			opts.network_lock_method = NETWORK_LOCK_IPTABLES;
+			break;
+		case CRIU_NETWORK_LOCK_METHOD__NFTABLES:
+			opts.network_lock_method = NETWORK_LOCK_NFTABLES;
+			break;
+		default:
+			goto err;
+		}
+	}
+
 	if (req->ps) {
 		opts.port = (short)req->ps->port;
 
diff --git a/images/rpc.proto b/images/rpc.proto
index 61e1b24f4..a9f51ac4b 100644
--- a/images/rpc.proto
+++ b/images/rpc.proto
@@ -49,6 +49,11 @@ enum criu_cg_mode {
 	DEFAULT = 6;
 };
 
+enum criu_network_lock_method {
+	IPTABLES = 	1;
+	NFTABLES = 	2;
+};
+
 enum criu_pre_dump_mode {
 	SPLICE = 	1;
 	VM_READ =	2;
@@ -131,6 +136,7 @@ message criu_opts {
 	optional criu_pre_dump_mode	pre_dump_mode		= 61 [default = SPLICE];
 	optional int32			pidfd_store_sk		= 62;
 	optional string			lsm_mount_context	= 63;
+	optional criu_network_lock_method	network_lock		= 64 [default = IPTABLES];
 /*	optional bool			check_mounts		= 128;	*/
 }
 
diff --git a/lib/c/criu.c b/lib/c/criu.c
index 86c9dedf3..75f168799 100644
--- a/lib/c/criu.c
+++ b/lib/c/criu.c
@@ -1789,3 +1789,18 @@ void criu_set_pidfd_store_sk(int sk)
 {
 	criu_local_set_pidfd_store_sk(global_opts, sk);
 }
+
+int criu_local_set_network_lock(criu_opts *opts, enum criu_network_lock_method method)
+{
+	opts->rpc->has_network_lock = true;
+	if (method == CRIU_NETWORK_LOCK_IPTABLES || method == CRIU_NETWORK_LOCK_NFTABLES) {
+		opts->rpc->network_lock = (CriuNetworkLockMethod)method;
+		return 0;
+	}
+	return -1;
+}
+
+int criu_set_network_lock(enum criu_network_lock_method method)
+{
+	return criu_local_set_network_lock(global_opts, method);
+}
diff --git a/lib/c/criu.h b/lib/c/criu.h
index 044e5373d..258e33a19 100644
--- a/lib/c/criu.h
+++ b/lib/c/criu.h
@@ -40,6 +40,11 @@ enum criu_cg_mode {
 	CRIU_CG_MODE_DEFAULT,
 };
 
+enum criu_network_lock_method {
+	CRIU_NETWORK_LOCK_IPTABLES = 1,
+	CRIU_NETWORK_LOCK_NFTABLES = 2,
+};
+
 enum criu_pre_dump_mode { CRIU_PRE_DUMP_SPLICE = 1, CRIU_PRE_DUMP_READ = 2 };
 
 int criu_set_service_address(const char *path);
@@ -97,6 +102,7 @@ int criu_add_external(const char *key);
 int criu_set_page_server_address_port(const char *address, int port);
 int criu_set_pre_dump_mode(enum criu_pre_dump_mode mode);
 void criu_set_pidfd_store_sk(int sk);
+int criu_set_network_lock(enum criu_network_lock_method method);
 
 /*
  * The criu_notify_arg_t na argument is an opaque
@@ -256,6 +262,7 @@ int criu_local_add_external(criu_opts *opts, const char *key);
 int criu_local_set_page_server_address_port(criu_opts *opts, const char *address, int port);
 int criu_local_set_pre_dump_mode(criu_opts *opts, enum criu_pre_dump_mode mode);
 void criu_local_set_pidfd_store_sk(criu_opts *opts, int sk);
+int criu_local_set_network_lock(criu_opts *opts, enum criu_network_lock_method method);
 
 void criu_local_set_notify_cb(criu_opts *opts, int (*cb)(char *action, criu_notify_arg_t na));